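/// <summary>
/// Decides whether the current user may access the site named by the "site" route value.
/// </summary>
/// <param name="httpContext">The HTTP context of the request being authorized.</param>
/// <returns>
/// <c>true</c> only when the user name passes <c>AccountMembershipService.IsValidUser</c>,
/// a matching <c>Person</c> record exists, and that person's <c>Sites</c> contains the
/// requested site id; <c>false</c> in every other case.
/// </returns>
/// <exception cref="System.ArgumentNullException"><paramref name="httpContext"/> is null.</exception>
/// <remarks>
/// Every lookup that comes back empty is treated as a denial (fail closed) so that a missing
/// route value or a missing person record cannot surface as an unhandled exception.
/// NOTE(review): base.AuthorizeCore is not called here, so if this class derives from
/// AuthorizeAttribute any Users/Roles configured on the attribute are not enforced by this
/// method. Confirm that is intended.
/// </remarks>
protected override bool AuthorizeCore(System.Web.HttpContextBase httpContext)
{
    if (httpContext == null)
    {
        throw new System.ArgumentNullException("httpContext");
    }

    // No principal or no name means there is nobody to authorize: deny.
    var principal = httpContext.User;
    if (principal == null || principal.Identity == null)
    {
        return false;
    }

    var userName = principal.Identity.Name;
    if (string.IsNullOrEmpty(userName))
    {
        return false;
    }

    // Load the user and make sure they are valid.
    var membership = new AccountMembershipService();
    if (!membership.IsValidUser(userName))
    {
        return false;
    }

    // The site id comes from the URL and is therefore caller-controlled. It is only ever
    // compared against the sites already attached to the person, never trusted on its own.
    // A missing or non-string route value is a denial rather than a comparison against null.
    var siteId = httpContext.Request.RequestContext.RouteData.Values["site"] as string;
    if (string.IsNullOrEmpty(siteId))
    {
        return false;
    }

    // Lower-case once, outside the query, with the invariant culture so the identity
    // comparison does not depend on the thread's current culture.
    var loweredUserName = userName.ToLowerInvariant();

    var personRepository = SmartServiceLocator<IRepositoryWithTypedId<Person, string>>.GetService();

    // FirstOrDefault instead of First: a valid membership user without a Person record
    // is denied instead of throwing InvalidOperationException.
    var person = personRepository.Queryable.FirstOrDefault(a => a.User.LoweredUserName == loweredUserName);
    if (person == null || person.Sites == null)
    {
        return false;
    }

    // Returning false sends the request to the framework's unauthorized handling; if an
    // authenticated-but-not-permitted user should receive 403 Forbidden, that result
    // belongs in a HandleUnauthorizedRequest override, not here.
    return person.Sites.Any(a => a.Id == siteId);
}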